You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2021/10/01 17:35:00 UTC

[jira] [Updated] (HBASE-25304) Support AES-192 and AES-256 in DefaultCipherProvider

     [ https://issues.apache.org/jira/browse/HBASE-25304?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrew Kyle Purtell updated HBASE-25304:
----------------------------------------
        Parent: HBASE-13503
    Issue Type: Sub-task  (was: Improvement)

> Support AES-192 and AES-256 in DefaultCipherProvider
> ----------------------------------------------------
>
>                 Key: HBASE-25304
>                 URL: https://issues.apache.org/jira/browse/HBASE-25304
>             Project: HBase
>          Issue Type: Sub-task
>          Components: encryption
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> The DefaultCipherProvider currently supports AES-128. In some security policies (such as the Application Security and Development STIG), AES-256 is required in certain situations.
> I want to add AES-192 and AES-256 support. I quickly tried to implement this as part of HBASE-25263, but after 1-2 days I realized that it worths a separate task in Jira. The main challenge is that the key length and the algorithm needs to be decoupled in the code, and also some more tests need to be added to make sure we are backward-compatible and also supporting AES-192 and AES-256.
> Beside defining a new algorithm and key on the Java API, I also want to make the usage of e.g. AES-256 in the shell, like:
> {code:java}
> create 'test', {NAME => 'cf', ENCRYPTION => 'AES-256', ENCRYPTION_KEY => 'mysecret'}
> {code}
>  
> Also we should support AES-192 and AES-256 in master encryption keys. And we need to document how the users can configure / use it.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)